risu 1.5.0 → 1.5.1

data/lib/risu/base/template_base.rb

@@ -1,23 +1,50 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Base
 
 		# Base template class, all report templates must be a subclass of this.
 		#
-		class TemplateBase			
+		class TemplateBase
 			@possible_templates = []
-	
+
 			class << self
 				attr_reader :possible_templates
 			end
-			
-			# Accessor for template metadata
+
+			# Accessors for template meta-data
+			#
+			# @return [Hash] Containing template meta-data
 			#
-			# @return [Hash] Containing template metadata
 			attr_accessor :template_info
-			
+
 			#	 Adds any class that inherits from [TemplateBase] into an [Array] of
 			# possible templates for further validation.
-			#			
+			#
 			def self.inherited(child)
 				possible_templates << child
 			end

data/lib/risu/base/template_manager.rb

@@ -1,5 +1,32 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Base
+
 		class TemplateManager
 			attr_accessor :registered_templates
 
@@ -8,12 +35,13 @@ module Risu
 			# @param path Path relative to the base_dir of risu
 			#
 			# @return New instance of the template manager with templates loaded.
+			#
 			def initialize (path)
 			  @registered_templates = Array.new
 				@templates = Array.new
-				
+
 				base_dir = __FILE__.gsub("risu/base/template_manager.rb", "")
-				
+
 				load_templates(base_dir + path)
 				load_templates(File.expand_path(USER_TEMPLATES_DIR)) if File.exists?(File.expand_path(USER_TEMPLATES_DIR)) && File.directory?(File.expand_path(USER_TEMPLATES_DIR))
 			end
@@ -22,11 +50,11 @@ module Risu
 			#
 			# @param path Path to templates to load
 			#
-			def load_templates(path)				
+			def load_templates(path)
 				begin
-				  Dir["#{path}/**/*.rb"].each do |x| 
+				  Dir["#{path}/**/*.rb"].each do |x|
 						begin
-							load x
+							require x
 						rescue => e
 							next
 						end
@@ -48,34 +76,11 @@ module Risu
 			#
 			def validate(template)
 			  t = template.new
-				
+
 				return false if t == nil
 			  return t.respond_to?(:render)
 			end
 
-			#
-			#
-			def find_plugins(file_name)
-				Dir.new("#{file_name}").each do |file|
-					next if file.match(/^\.+/)
-					path = "#{file_name}/#{file}"
-
-					if  FileTest.directory?("#{path}")
-						list("#{path}")
-					else
-						self.register_template path
-					end
-				end
-			end
-
-			#
-			#
-			def register_template(plugin)
-			  load plugin
-
-			  @templates.push(plugin) if @templates.include?(plugin) == false
-			end
-			
 			# Finds a template by its name
 			#
 			# @param name Name of the template to find
@@ -88,15 +93,15 @@ module Risu
 						return t
 					end
 				end
-				
+
 				return nil
 			end
-			
+
 			# Displays a list of all the templates
 			#
 			def display_templates
 				puts "Available Templates"
-			  @registered_templates.each do |x| 
+			  @registered_templates.each do |x|
 			      p = x.new
 			      puts "\t#{p.template_info[:name]} - #{p.template_info[:description]}\n"
 			    end
@@ -104,8 +109,3 @@ module Risu
 		end
 	end
 end
-
-
-
-
-

data/lib/risu/base/templater.rb

@@ -1,31 +1,58 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Base
-		# Templater class for generating a report from a erb template
+
+		# Templater class for generating a report from a ERB template
 		#
-		# @author Jacob Hammack
 		class Templater
 			attr_accessor :template, :template_manager, :findings, :output_file
-		
-			# Setups of the Templater class initalizing all of the variables
+
+			# Setups of the Templater class initializing all of the variables
 			#
 			# @return [Templater] New Instance
 			def initialize(template, findings, output, template_manager)
 				@template = template
 				@findings = findings
-				@output_file = output			
+				@output_file = output
 				@template_manager = template_manager
 			end
-		
-			# Generates a report based on the erb template
+
+			# Generates a report based on the ERB template
 			#
 			def generate
 				begin
 					template = @template
 					template_manager = @template_manager
-					
-					Prawn::Document.generate(@output_file, :margin => [75, 50, 75, 50]) do |output|						
+
+					Prawn::Document.generate(@output_file, :margin => [75, 50, 75, 50]) do |output|
 						output.font_size 12
 						t = template_manager.find_template_by_name(template)
+						t = t.class.new
 						t.render(output) unless t == nil
 					end
 				rescue => e

data/lib/risu/cli.rb

@@ -1,3 +1,29 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module CLI
 	end

data/lib/risu/cli/application.rb

@@ -1,15 +1,40 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module CLI
 
 		# Application class for Risu
 		#
-		# @author Jacob Hammack <jacob.hammack@hammackj.com>
 		class Application
 			include Risu::Base
 			attr_accessor :database
 
-			# Initalizes a CLI Application 
-			# 
+			# Initializes a CLI Application
+			#
 			def initialize
 				@options = {}
 				@database = {}
@@ -18,15 +43,15 @@ module Risu
 
 				@options[:debug] = false
 				@options[:list_templates] = false
-				
+
 				@template_manager = Risu::Base::TemplateManager.new "risu/templates"
 			end
 
-			# Creates a blank config file
+			# Creates a blank configuration file
 			#
 			# @todo does this need exception handling
 			#
-			# @param file Path to config file
+			# @param file Path to configuration file
 			#
 			def create_config(file=CONFIG_FILE)
 				File.open(file, 'w+') do |f|
@@ -48,8 +73,8 @@ module Risu
 
 			# Loads the configuration file
 			#
-			# @param file Path to config file
-			# @param in_memory_config [Boolean] If the config is in memory
+			# @param file Path to configuration file
+			# @param in_memory_config [Boolean] If the configuration is in memory
 			#
 			def load_config(file=CONFIG_FILE, in_memory_config=false)
 				if File.exists?(file) == true or in_memory_config == true
@@ -72,11 +97,11 @@ module Risu
 							end
 						end
 					rescue => e
-						puts "[!] Error loading config! - #{e.message}"
+						puts "[!] Error loading configuration! - #{e.message}"
 						exit
 					end
 				else
-					puts "[!] Config file does not exist!"
+					puts "[!] Configuration file does not exist!"
 					exit
 				end
 			end
@@ -88,7 +113,7 @@ module Risu
 			def migrate(direction)
 				begin
 					if @database["adapter"] == nil
-						return false, "[!] Invalid database adapter, please check your config file"
+						return false, "[!] Invalid database adapter, please check your configuration file"
 					end
 
 					ActiveRecord::Base.establish_connection(@database)
@@ -101,18 +126,20 @@ module Risu
 						ver.version = Risu::VERSION
 						ver.save
 					end
-					
+
 					puts "[*] Dropping tables" if direction == :down
 
+				#@todo temp hack, fix this by checking the schema on :up or :down for exiting data
+				rescue SQLite3::SQLException => sqlitex
+					puts "#{sqlitex.message}\n #{sqlitex.backtrace}" if @options[:debug]
+					continue
 				rescue ActiveRecord::AdapterNotSpecified => ans
-					puts "[!] Database adapter not found, please check your config file"
+					puts "[!] Database adapter not found, please check your configuration file"
 					puts "#{ans.message}\n #{ans.backtrace}" if @options[:debug]
-
 					exit
 				rescue ActiveRecord::AdapterNotFound => anf
-					puts "[!] Database adapter not found, please check your config file"
+					puts "[!] Database adapter not found, please check your configuration file"
 					puts "#{ans.message}\n #{ans.backtrace}" if @options[:debug]
-
 					exit
 				rescue => e
 					puts "[!] Exception! #{e.message}\n#{e.backtrace}"
@@ -127,21 +154,19 @@ module Risu
 					if @database["adapter"] == nil
 						puts "[!] #{@database['adapter']}" if @options[:debug]
 
-						return false, "[!] Invalid database adapter, please check your config file"
+						return false, "[!] Invalid database adapter, please check your configuration file"
 					end
 
 					ActiveRecord::Base.establish_connection(@database)
 					ActiveRecord::Base.connection
 
 				rescue ActiveRecord::AdapterNotSpecified => ans
-					puts "[!] Database adapter not found, please check your config file"
+					puts "[!] Database adapter not found, please check your configuration file"
 					puts "#{ans.message}\n #{ans.backtrace}" if @options[:debug]
-					
 					exit
 				rescue ActiveRecord::AdapterNotFound => anf
-					puts "[!] Database adapter not found, please check your config file"
+					puts "[!] Database adapter not found, please check your configuration file"
 					puts "#{anf.message}\n #{anf.backtrace}" if @options[:debug]
-					
 					exit
 				rescue => e
 					puts "[!] Exception! #{e.message}\n #{e.backtrace}"
@@ -169,6 +194,7 @@ module Risu
 			# Starts a console and executes anything in a block sent to it
 			#
 			# @param block Code block to transfer control
+			#
 			def consolize &block
 
 				yield
@@ -207,16 +233,17 @@ module Risu
 						opt.on('-o', '--output-file FILE', 'The filename to output the generated report to') do |option|
 							@options[:output_file] = option
 						end
-						
+
 						opt.on('-l', '--list-templates', "Lists all of the templates available to #{APP_NAME}") do |option|
 							@options[:list_templates] = option
 						end
 
-						opt.on('--create-template NAME', "Creates a template file in the ~/.risu/templates directory") do |option|
-							if File.exists?(option) == true
-								puts "[!] Template "
-							end
-						end
+						# @todo THIS NO WORK
+						#opt.on('--create-template NAME', "Creates a template file in the ~/.risu/templates directory") do |option|
+						#	if File.exists?(option) == true
+						#		puts "[!] Template "
+						#	end
+						#end
 
 						opt.separator('')
 						opt.separator('Configuration Options')
@@ -230,13 +257,13 @@ module Risu
 							end
 						end
 
-						opt.on('--create-config-file [FILE]',"Creates a config file in the current directory with the specified name, Default is #{CONFIG_FILE}") do |option|
+						opt.on('--create-config-file [FILE]',"Creates a configuration file in the current directory with the specified name, Default is #{CONFIG_FILE}") do |option|
 							if option == nil
 								option = CONFIG_FILE
 							end
 
 							if File.exists?(option) == true
-								puts "[!] Config file already exists; If you wish to over-write this file please delete it."
+								puts "[!] Configuration file already exists; If you wish to over-write this file please delete it."
 							else
 								if option == nil
 									create_config
@@ -267,7 +294,7 @@ module Risu
 						opt.separator 'Other Options'
 
 						opt.on_tail('-v', '--version', "Shows application version information") do
-							puts "#{APP_NAME} - #{VERSION}"
+							puts "#{APP_NAME}: #{VERSION}\nRuby Version: #{RUBY_VERSION}\nRubygems Version: #{Gem::VERSION}"
 							exit
 						end
 
@@ -305,10 +332,9 @@ module Risu
 			#
 			def run
 				parse_options
-				
+
 				if @options[:list_templates]
 					@template_manager.display_templates
-					
 					exit
 				end
 
@@ -361,7 +387,7 @@ module Risu
 					@findings.title = @report["title"]
 					@findings.company = @report["company"]
 					@findings.classification = @report["classification"]
-					
+
 					template = Templater.new(@options[:template], @findings, @options[:output_file], @template_manager)
 					template.generate
 				end
@@ -386,7 +412,8 @@ module Risu
 
 			# Handles the parsing of a single file
 			#
-			# @param file 
+			# @param file The to parse
+			#
 			def parse_file file
 				begin
 						puts "[*] Parsing #{file}..."
@@ -396,20 +423,26 @@ module Risu
 							raise Risu::Exceptions::InvalidDocument, "[!] Document does not exist - #{file}"
 						end
 
-						doc = Risu::Parsers::Nessus::NessusDocument.new file
-						if doc.valid? == true
-							doc.parse
+						nessus_doc = Risu::Parsers::Nessus::NessusDocument.new file
+						nexpose_doc = Risu::Parsers::Nexpose::NexposeDocument.new file
+
+						if nessus_doc.valid? == true
+							nessus_doc.parse
 
 							puts "[*] Fixing IP Address field"
-							doc.fix_ips
+							nessus_doc.fix_ips
+						elsif nexpose_doc.valid? == true
+							nexpose_doc.parse
 
+							puts "[*] Fixing IP Address field"
+							nexpose_doc.fix_ips
 						else
 							raise Risu::Exceptions::InvalidDocument, "[!] Invalid Document - #{file}"
 						end
 
 						printf "[*] Finished parsing %s. Parse took %.02f seconds\n", file, Time.now - tstart
 				rescue Interrupt => i
-					puts "[!] Parse cancelled!"
+					puts "[!] Parse canceled!"
 					exit(1)
 				rescue Mysql::Error => m
 					if m.errno == 1146